def edit(request, id, form_class=NewsForm, template_name="news/edit.html"): news = get_object_or_404(News, pk=id) # check permission if not has_perm(request.user, "news.change_news", news): raise Http403 form = form_class(instance=news, user=request.user) if request.method == "POST": form = form_class(request.POST, instance=news, user=request.user) if form.is_valid(): news = form.save(commit=False) # update all permissions and save the model news = update_perms_and_save(request, form, news) log_defaults = { "event_id": 305200, "event_data": "%s (%d) edited by %s" % (news._meta.object_name, news.pk, request.user), "description": "%s edited" % news._meta.object_name, "user": request.user, "request": request, "instance": news, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, "Successfully updated %s" % news) return HttpResponseRedirect(reverse("news.view", args=[news.slug])) return render_to_response(template_name, {"news": news, "form": form}, context_instance=RequestContext(request))
def add(request, form_class=NavForm, template_name="navs/add.html"): if not has_perm(request.user, 'navs.add_nav'): raise Http403 if request.method == "POST": form = form_class(request.POST, user=request.user) if form.is_valid(): nav = form.save(commit=False) nav = update_perms_and_save(request, form, nav) log_defaults = { 'event_id' : 195100, 'event_data': '%s (%d) added by %s' % (nav._meta.object_name, nav.pk, request.user), 'description': '%s added' % nav._meta.object_name, 'user': request.user, 'request': request, 'instance': nav, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % nav) return redirect('navs.edit_items', id=nav.id) else: form = form_class(user=request.user) return render_to_response( template_name, {'form':form}, context_instance=RequestContext(request), )
def save_model(self, request, object, form, change): instance = form.save(commit=False) # update all permissions and save the model instance = update_perms_and_save(request, form, instance) return instance
def user_membership_add(request, username, form_class=UserMembershipForm, template_name="profiles/add_membership.html"): user = get_object_or_404(User, username=username) try: profile = Profile.objects.get(user=user) except Profile.DoesNotExist: profile = Profile.objects.create_profile(user=user) if not is_admin(request.user): raise Http403 if request.method == 'POST': form = form_class(request.POST) if form.is_valid(): membership = form.save(commit=False) membership = update_perms_and_save(request, form, membership) messages.add_message(request, messages.SUCCESS, 'Successfully updated memberships for %s' % user.get_full_name()) return HttpResponseRedirect("%s%s" % (reverse('profile', args=[user.username]),'#userview-memberships')) else: form = form_class(initial={'user':user}) return render_to_response(template_name, { 'form': form, 'user_this': user, }, context_instance=RequestContext(request))
def edit(request, id, form_class=FileForm, template_name="files/edit.html"): file = get_object_or_404(File, pk=id) # check permission if not has_perm(request.user,'files.change_file',file): raise Http403 if request.method == "POST": form = form_class(request.POST, request.FILES, instance=file, user=request.user) if form.is_valid(): file = form.save(commit=False) file.name = file.file.path.split('/')[-1] # update all permissions and save the model file = update_perms_and_save(request, form, file) log_defaults = { 'event_id' : 182000, 'event_data': '%s (%d) edited by %s' % (file._meta.object_name, file.pk, request.user), 'description': '%s edited' % file._meta.object_name, 'user': request.user, 'request': request, 'instance': file, } EventLog.objects.log(**log_defaults) return HttpResponseRedirect(reverse('file.search')) else: form = form_class(instance=file, user=request.user) return render_to_response(template_name, {'file': file, 'form':form}, context_instance=RequestContext(request))
def add(request, form_class=DiscountForm, template_name="discounts/add.html"): if not has_perm(request.user, 'discounts.add_discount'): raise Http403 if request.method == "POST": form = form_class(request.POST, user=request.user) if form.is_valid(): discount = form.save(commit=False) discount = update_perms_and_save(request, form, discount) log_defaults = { 'event_id' : 1010100, 'event_data': '%s (%d) added by %s' % (discount._meta.object_name, discount.pk, request.user), 'description': '%s added' % discount._meta.object_name, 'user': request.user, 'request': request, 'instance': discount, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % discount) return redirect('discount.detail', id=discount.id) else: form = form_class(user=request.user) return render_to_response( template_name, {'form':form}, context_instance=RequestContext(request), )
def save_model(self, request, object, form, change): """ update the permissions backend """ instance = form.save(commit=False) perms = update_perms_and_save(request, form, instance) return instance
def edit(request, id, form_class=EntityForm, template_name="entities/edit.html"): entity = get_object_or_404(Entity, pk=id) if has_perm(request.user,'entities.change_entity',entity): if request.method == "POST": form = form_class(request.POST, instance=entity, user=request.user) if form.is_valid(): entity = form.save(commit=False) # update all permissions and save the model entity = update_perms_and_save(request, form, entity) log_defaults = { 'event_id' : 292000, 'event_data': '%s (%d) edited by %s' % (entity._meta.object_name, entity.pk, request.user), 'description': '%s edited' % entity._meta.object_name, 'user': request.user, 'request': request, 'instance': entity, } EventLog.objects.log(**log_defaults) return HttpResponseRedirect(reverse('entity', args=[entity.pk])) else: form = form_class(instance=entity, user=request.user) return render_to_response(template_name, {'entity': entity, 'form':form}, context_instance=RequestContext(request)) else: raise Http403
def add(request, form_class=EntityForm, template_name="entities/add.html"): if has_perm(request.user,'entities.add_entity'): if request.method == "POST": form = form_class(request.POST, user=request.user) if form.is_valid(): entity = form.save(commit=False) # update all permissions and save the model entity = update_perms_and_save(request, form, entity) log_defaults = { 'event_id' : 291000, 'event_data': '%s (%d) added by %s' % (entity._meta.object_name, entity.pk, request.user), 'description': '%s added' % entity._meta.object_name, 'user': request.user, 'request': request, 'instance': entity, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % entity) return HttpResponseRedirect(reverse('entity', args=[entity.pk])) else: form = form_class(user=request.user) return render_to_response(template_name, {'form':form}, context_instance=RequestContext(request)) else: raise Http403
def edit(request, id, form_class=LocationForm, template_name="locations/edit.html"): location = get_object_or_404(Location, pk=id) if has_perm(request.user,'locations.change_location',location): if request.method == "POST": form = form_class(request.POST, instance=location, user=request.user) if form.is_valid(): location = form.save(commit=False) # update all permissions and save the model location = update_perms_and_save(request, form, location) log_defaults = { 'event_id' : 832000, 'event_data': '%s (%d) edited by %s' % (location._meta.object_name, location.pk, request.user), 'description': '%s edited' % location._meta.object_name, 'user': request.user, 'request': request, 'instance': location, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % location) return HttpResponseRedirect(reverse('location', args=[location.pk])) else: form = form_class(instance=location, user=request.user) return render_to_response(template_name, {'location': location, 'form':form}, context_instance=RequestContext(request)) else: raise Http403
def edit(request, id, form_class=ResumeForm, template_name="resumes/edit.html"): resume = get_object_or_404(Resume, pk=id) if has_perm(request.user,'resumes.change_resume',resume): if request.method == "POST": form = form_class(request.POST, instance=resume, user=request.user) if form.is_valid(): resume = form.save(commit=False) resume = update_perms_and_save(request, form, resume) log_defaults = { 'event_id' : 352000, 'event_data': '%s (%d) edited by %s' % (resume._meta.object_name, resume.pk, request.user), 'description': '%s edited' % resume._meta.object_name, 'user': request.user, 'request': request, 'instance': resume, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % resume) return HttpResponseRedirect(reverse('resume', args=[resume.slug])) else: form = form_class(instance=resume, user=request.user) return render_to_response(template_name, {'resume': resume, 'form':form}, context_instance=RequestContext(request)) else: raise Http403
def save_model(self, request, object, form, change): app = form.save(commit=False) add = not change # update all permissions and save the model app = update_perms_and_save(request, form, app) if add: # default application fields for default_field in get_default_membership_fields(use_for_corp=app.use_for_corp): default_field.update({'app':app}) AppField.objects.create(**default_field) if change: edit_app_update_corp_fields(app) form.save_m2m() reserved_names = ( 'membership_type', 'payment_method', 'first_name', 'last_name', 'email', 'corporate_membership' ) for field in app.fields.visible(): if 'membership-type' in field.field_type: field.content_type = ContentType.objects.get_for_model(MembershipType) choices = [item.name for item in app.membership_types.all()] field.choices = ", ".join(choices) elif 'payment-method' in field.field_type: field.content_type = ContentType.objects.get_for_model(PaymentMethod) choices = [item.human_name for item in app.payment_methods.all()] field.choices = ", ".join(choices) if 'first-name' in field.field_type: field.content_type = ContentType.objects.get_for_model(User) elif 'last-name' in field.field_type: field.content_type = ContentType.objects.get_for_model(User) elif 'email' in field.field_type: field.content_type = ContentType.objects.get_for_model(User) elif 'corporate_membership_id' in field.field_type: field.content_type = ContentType.objects.get_for_model(Membership) if not field.field_name in reserved_names: field.field_name = slugify(field.label).replace('-','_') # check field_name after slugify if field.field_name in reserved_names: hex_tail = uuid.uuid1().get_hex()[:3] field.field_name = '%s_%s' % (field.field_name, hex_tail) field.save() return app
def save_model(self, request, object, form, change): instance = form.save(commit=False) instance = update_perms_and_save(request, form, instance) # save the object form.save_m2m() return instance
def add(request, form_class=ResumeForm, template_name="resumes/add.html"): can_add_active = has_perm(request.user, 'resumes.add_resume') if request.method == "POST": form = form_class(request.POST, user=request.user) if form.is_valid(): resume = form.save(commit=False) # set it to pending if the user does not have add permission if not can_add_active: resume.status = 0 resume.status_detail = 'pending' # set up the expiration time based on requested duration now = now_localized() resume.expiration_dt = now + timedelta(days=resume.requested_duration) resume = update_perms_and_save(request, form, resume) log_defaults = { 'event_id' : 351000, 'event_data': '%s (%d) added by %s' % (resume._meta.object_name, resume.pk, request.user), 'description': '%s added' % resume._meta.object_name, 'user': request.user, 'request': request, 'instance': resume, } EventLog.objects.log(**log_defaults) if request.user.is_authenticated(): messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % resume) # send notification to administrators recipients = get_notice_recipients('module', 'resumes', 'resumerecipients') if recipients: if notification: extra_context = { 'object': resume, 'request': request, } notification.send_emails(recipients,'resume_added', extra_context) if not request.user.is_authenticated(): return HttpResponseRedirect(reverse('resume.thank_you')) else: return HttpResponseRedirect(reverse('resume', args=[resume.slug])) else: form = form_class(user=request.user) return render_to_response(template_name, {'form':form}, context_instance=RequestContext(request))
def edit(request, id, set_id=0, form_class=PhotoEditForm, template_name="photos/edit.html"): """ edit photo view """ # get photo photo = get_object_or_404(Image, id=id) set_id = int(set_id) # permissions if not has_perm(request.user,'photologue.change_photo',photo): raise Http403 # get available photo sets photo_sets = PhotoSet.objects.all() if request.method == "POST": #if photo.member != request.user: # no permission # request.user.message_set.create(message="You can't edit photos that aren't yours") # return HttpResponseRedirect(reverse('photo', args=(photo.id, set_id))) if request.POST["action"] == "update": form = form_class(request.POST, instance=photo, user=request.user) if form.is_valid(): photo = form.save(commit=False) # update all permissions and save the model photo = update_perms_and_save(request, form, photo) log_defaults = { 'event_id' : 990200, 'event_data': '%s (%d) edited by %s' % (photo._meta.object_name, photo.pk, request.user), 'description': '%s edited' % photo._meta.object_name, 'user': request.user, 'request': request, 'instance': photo, } EventLog.objects.log(**log_defaults) request.user.message_set.create(message=_("Successfully updated photo '%s'") % photo.title) return HttpResponseRedirect(reverse("photo", kwargs={"id": photo.id, "set_id": set_id})) else: form = form_class(instance=photo, user=request.user) else: form = form_class(instance=photo, user=request.user) return render_to_response(template_name, { "photo_form": form, "photo": photo, "photo_sets": photo_sets, "id": photo.id, "set_id": set_id, }, context_instance=RequestContext(request))
def photoset_edit(request, id, form_class=PhotoSetEditForm, template_name="photos/photo-set/edit.html"): from perms.object_perms import ObjectPermission photo_set = get_object_or_404(PhotoSet, id=id) # if no permission; permission exception if not has_perm(request.user,'photos.change_photoset',photo_set): raise Http403 if request.method == "POST": if request.POST["action"] == "edit": form = form_class(request.POST, instance=photo_set, user=request.user) if form.is_valid(): photo_set = form.save(commit=False) # update all permissions and save the model photo_set = update_perms_and_save(request, form, photo_set) # copy all privacy settings from photo set to photos Image.objects.filter(photoset=photo_set).update(**get_privacy_settings(photo_set)) # photo set group permissions group_perms = photo_set.perms.filter(group__isnull=False).values_list('group','codename') group_perms = tuple([(unicode(g), c.split('_')[0]) for g, c in group_perms ]) photos = Image.objects.filter(photoset=photo_set) for photo in photos: ObjectPermission.objects.remove_all(photo) ObjectPermission.objects.assign_group(group_perms, photo) request.user.message_set.create(message=_("Successfully updated photo set! ") + '') EventLog.objects.log(**{ 'event_id' : 991200, 'event_data': '%s (%d) edited by %s' % (photo_set._meta.object_name, photo_set.pk, request.user), 'description': '%s edited' % photo_set._meta.object_name, 'user': request.user, 'request': request, 'instance': photo_set, }) return HttpResponseRedirect(reverse('photoset_details', args=[photo_set.id])) else: form = form_class(instance=photo_set, user=request.user) return render_to_response(template_name, { 'photo_set': photo_set, "photoset_form": form, }, context_instance=RequestContext(request))
def save_model(self, request, object, form, change): instance = form.save(commit=False) # update all permissions and save the model instance = update_perms_and_save(request, form, instance) # notifications if not is_admin(request.user): # send notification to administrators recipients = get_notice_recipients('site', 'global', 'allnoticerecipients') if recipients: if notification: extra_context = { 'object': instance, 'request': request, } notification.send_emails(recipients, notice_type, extra_context) return instance
def edit(request, id, form_class=FormForm, template_name="forms/edit.html"): form_instance = get_object_or_404(Form, pk=id) if not has_perm(request.user,'forms.change_form',form_instance): raise Http403 PricingFormSet = inlineformset_factory(Form, Pricing, form=PricingForm, extra=2) if request.method == "POST": form = form_class(request.POST, instance=form_instance, user=request.user) formset = PricingFormSet(request.POST, instance=form_instance) if form.is_valid() and formset.is_valid(): form_instance = form.save(commit=False) form_instance = update_perms_and_save(request, form, form_instance) form.save_m2m() # save payment methods formset.save() # save price options # remove all pricings if no custom_payment form if not form.cleaned_data['custom_payment']: form_instance.pricing_set.all().delete() log_defaults = { 'event_id' : 587200, 'event_data': '%s (%d) edited by %s' % (form_instance._meta.object_name, form_instance.pk, request.user), 'description': '%s edited' % form_instance._meta.object_name, 'user': request.user, 'request': request, 'instance': form_instance, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully edited %s' % form_instance) return HttpResponseRedirect(reverse('form_field_update', args=[form_instance.pk])) else: form = form_class(instance=form_instance, user=request.user) formset = PricingFormSet(instance=form_instance) return render_to_response(template_name, { 'form':form, 'formset':formset, 'form_instance':form_instance, },context_instance=RequestContext(request))
def edit(request, id, form_class=StoryForm, template_name="stories/edit.html"): story = get_object_or_404(Story, pk=id) if has_perm(request.user,'stories.change_story', story): if request.method == "POST": form = form_class(request.POST, request.FILES, instance=story, user=request.user) if form.is_valid(): story = form.save(commit=False) story = update_perms_and_save(request, form, story) # save photo photo = form.cleaned_data['photo_upload'] if photo: story.save(photo=photo) log_defaults = { 'event_id' : 1060200, 'event_data': '%s (%d) edited by %s' % (story._meta.object_name, story.pk, request.user), 'description': '%s edited' % story._meta.object_name, 'user': request.user, 'request': request, 'instance': story, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % story) redirect_to = request.REQUEST.get('next', '') if redirect_to: return HttpResponseRedirect(redirect_to) else: return redirect('story', id=story.pk) else: form = form_class(instance=story, user=request.user) else: raise Http403 return render_to_response(template_name, {'story': story, 'form':form }, context_instance=RequestContext(request))
def add(request, form_class=StoryForm, template_name="stories/add.html"): if has_perm(request.user,'stories.add_story'): if request.method == "POST": form = form_class(request.POST, request.FILES, user=request.user) if form.is_valid(): story = form.save(commit=False) story = update_perms_and_save(request, form, story) # save photo photo = form.cleaned_data['photo_upload'] if photo: story.save(photo=photo) log_defaults = { 'event_id' : 1060100, 'event_data': '%s (%d) added by %s' % (story._meta.object_name, story.pk, request.user), 'description': '%s added' % story._meta.object_name, 'user': request.user, 'request': request, 'instance': story, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % story) return HttpResponseRedirect(reverse('story', args=[story.pk])) else: from pprint import pprint pprint(form.errors.items()) else: form = form_class(user=request.user) tags = request.GET.get('tags', '') if tags: form.fields['tags'].initial = tags else: raise Http403 return render_to_response(template_name, {'form':form}, context_instance=RequestContext(request))
def edit(request, id=None, form_class=HelpFileForm, template_name="help_files/edit.html"): help_file = get_object_or_404(HelpFile, pk=id) if has_perm(request.user, "help_files.change_helpfile", help_file): if request.method == "POST": form = form_class(request.POST, instance=help_file, user=request.user) if form.is_valid(): help_file = form.save(commit=False) # add all permissions and save the model help_file = update_perms_and_save(request, form, help_file) form.save_m2m() log_defaults = { "event_id": 1000200, "event_data": "%s (%d) edited by %s" % (help_file._meta.object_name, help_file.pk, request.user), "description": "%s edited" % help_file._meta.object_name, "user": request.user, "request": request, "instance": help_file, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, "Successfully edited %s" % help_file) # send notification to administrator(s) and module recipient(s) recipients = get_notice_recipients("module", "help_files", "helpfilerecipients") # if recipients and notification: # notification.send_emails(recipients,'help_file_added', { # 'object': help_file, # 'request': request, # }) return HttpResponseRedirect(reverse("help_file.details", args=[help_file.slug])) else: form = form_class(instance=help_file, user=request.user) return render_to_response( template_name, {"help_file": help_file, "form": form}, context_instance=RequestContext(request) ) else: raise Http403
def add(request, form_class=FormForm, template_name="forms/add.html"): if not has_perm(request.user,'forms.add_form'): raise Http403 PricingFormSet = inlineformset_factory(Form, Pricing, form=PricingForm, extra=2, can_delete=False) formset = PricingFormSet() if request.method == "POST": form = form_class(request.POST, user=request.user) if form.is_valid(): form_instance = form.save(commit=False) formset = PricingFormSet(request.POST, instance=form_instance) if formset.is_valid(): # save form and associated pricings form_instance = update_perms_and_save(request, form, form_instance) # update_perms_and_save does not appear to consider ManyToManyFields for method in form.cleaned_data['payment_methods']: form_instance.payment_methods.add(method) formset.save() log_defaults = { 'event_id' : 587100, 'event_data': '%s (%d) added by %s' % (form_instance._meta.object_name, form_instance.pk, request.user), 'description': '%s added' % form_instance._meta.object_name, 'user': request.user, 'request': request, 'instance': form_instance, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % form_instance) return HttpResponseRedirect(reverse('form_field_update', args=[form_instance.pk])) else: form = form_class(user=request.user) return render_to_response(template_name, { 'form':form, 'formset':formset, }, context_instance=RequestContext(request))
def save_model(self, request, object, form, change): instance = form.save(commit=False) instance = update_perms_and_save(request, form, instance) # notifications if not is_admin(request.user): # send notification to administrators recipients = get_notice_recipients('module', 'pages', 'pagerecipients') notice_type = 'page_added' if change: notice_type = 'page_edited' if recipients: if notification: extra_context = { 'object': instance, 'request': request, } notification.send_emails(recipients, notice_type, extra_context) return instance # admin.site.register(Page, PageAdmin)
def add(request, form_class=ArticleForm, template_name="articles/add.html"): if has_perm(request.user,'articles.add_article'): if request.method == "POST": form = form_class(request.POST, user=request.user) if form.is_valid(): article = form.save(commit=False) # add all permissions and save the model articles = update_perms_and_save(request, form, article) log_defaults = { 'event_id' : 431000, 'event_data': '%s (%d) added by %s' % (article._meta.object_name, article.pk, request.user), 'description': '%s added' % article._meta.object_name, 'user': request.user, 'request': request, 'instance': article, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % article) # send notification to administrator(s) and module recipient(s) recipients = get_notice_recipients('module', 'articles', 'articlerecipients') if recipients and notification: notification.send_emails(recipients,'article_added', { 'object': article, 'request': request, }) return HttpResponseRedirect(reverse('article', args=[article.slug])) else: form = form_class(user=request.user) return render_to_response(template_name, {'form':form}, context_instance=RequestContext(request)) else: raise Http403
def add(request, form_class=NewsForm, template_name="news/add.html"): # check permission if not has_perm(request.user, "news.add_news"): raise Http403 if request.method == "POST": form = form_class(request.POST, user=request.user) if form.is_valid(): news = form.save(commit=False) # update all permissions and save the model news = update_perms_and_save(request, form, news) log_defaults = { "event_id": 305100, "event_data": "%s (%d) added by %s" % (news._meta.object_name, news.pk, request.user), "description": "%s added" % news._meta.object_name, "user": request.user, "request": request, "instance": news, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, "Successfully added %s" % news) # send notification to administrators recipients = get_notice_recipients("module", "news", "newsrecipients") if recipients: if notification: extra_context = {"object": news, "request": request} notification.send_emails(recipients, "news_added", extra_context) return HttpResponseRedirect(reverse("news.view", args=[news.slug])) else: form = form_class(user=request.user) return render_to_response(template_name, {"form": form}, context_instance=RequestContext(request))
def photoset_add(request, form_class=PhotoSetAddForm, template_name="photos/photo-set/add.html"): """ Add a photo set """ # if no permission; permission exception if not has_perm(request.user,'photos.add_photoset'): raise Http403 if request.method == "POST": if request.POST["action"] == "add": form = form_class(request.POST, user=request.user) if form.is_valid(): photo_set = form.save(commit=False) photo_set.author = request.user # update all permissions and save the model photo_set = update_perms_and_save(request, form, photo_set) log_defaults = { 'event_id' : 991100, 'event_data': '%s (%d) added by %s' % (photo_set._meta.object_name, photo_set.pk, request.user), 'description': '%s added' % photo_set._meta.object_name, 'user': request.user, 'request': request, 'instance': photo_set, } EventLog.objects.log(**log_defaults) request.user.message_set.create(message=_("Successfully added photo set!") + '') return HttpResponseRedirect(reverse('photos_batch_add', kwargs={'photoset_id':photo_set.id})) else: form = form_class(user=request.user) return render_to_response(template_name, { "photoset_form": form, }, context_instance=RequestContext(request))
def photos_batch_add(request, photoset_id=0): """ params: request, photoset_id returns: HttpResponse on flash request: photoset_id is passed via request.POST and received as type unicode; i convert to type integer on http request: photoset_id is passed via url """ import uuid from perms.object_perms import ObjectPermission # photoset permission required to add photos if not has_perm(request.user,'photos.add_photoset'): raise Http403 if request.method == 'POST': for field_name in request.FILES: uploaded_file = request.FILES[field_name] # use file to create title; remove extension filename, extension = os.path.splitext(uploaded_file.name) request.POST.update({'title': filename, }) # clean filename; alphanumeric with dashes filename = re.sub(r'[^a-zA-Z0-9._]+', '-', filename) # truncate; make unique; append extension request.FILES[field_name].name = \ filename[:70] + '-' + unicode(uuid.uuid1())[:5] + extension # photoset_id set in swfupload photoset_id = int(request.POST["photoset_id"]) request.POST.update({ 'owner': request.user.id, 'owner_username': unicode(request.user), 'creator_username': unicode(request.user), 'status': True, 'status_detail': 'active', }) photo_form = PhotoUploadForm(request.POST, request.FILES, user=request.user) if photo_form.is_valid(): # save photo photo = photo_form.save(commit=False) photo.creator = request.user photo.member = request.user photo.safetylevel = 3 photo.allow_anonymous_view = True # update all permissions and save the model photo = update_perms_and_save(request, photo_form, photo) EventLog.objects.log(**{ 'event_id' : 990100, 'event_data': '%s (%d) added by %s' % (photo._meta.object_name, photo.pk, request.user), 'description': '%s added' % photo._meta.object_name, 'user': request.user, 'request': request, 'instance': photo, }) # add to photo set if photo set is specified if photoset_id: photo_set = get_object_or_404(PhotoSet, id=photoset_id) photo_set.image_set.add(photo) privacy = get_privacy_settings(photo_set) # photo privacy = album privacy for k, v in privacy.items(): setattr(photo, k, v) photo.save() # real time search index hooked to save method print 'i waited' # photo group perms = album group perms group_perms = photo_set.perms.filter(group__isnull=False).values_list('group','codename') group_perms = tuple([(unicode(g), c.split('_')[0]) for g, c in group_perms ]) ObjectPermission.objects.assign_group(group_perms, photo) # serialize queryset data = serializers.serialize("json", Image.objects.filter(id=photo.id)) # returning a response of "ok" (flash likes this) # response is for flash, not humans return HttpResponse(data, mimetype="text/plain") else: return HttpResponse("photo is not valid", mimetype="text/plain") else: if not photoset_id: HttpResponseRedirect(reverse('photoset_latest')) photo_set = get_object_or_404(PhotoSet, id=photoset_id) # show the upload UI return render_to_response('photos/batch-add.html', { "photoset_id":photoset_id, "photo_set": photo_set, "csrf_token": csrf_get_token(request) }, context_instance=RequestContext(request))
def application_details(request, slug=None, cmb_id=None, imv_id=0, imv_guid=None, secret_hash="", membership_id=0, template_name="memberships/applications/details.html"): """ Display a built membership application and handle submission. """ if not slug: raise Http404 user = request.user app = get_object_or_404(App, slug=slug) if not app.allow_view_by(user): raise Http403 # if this app is for corporation individuals, redirect them to corp-pre page if # they have not passed the security check. is_corp_ind = False corporate_membership = None if hasattr(app, 'corp_app') and app.corp_app: if not cmb_id: # redirect them to the corp_pre page return redirect(reverse('membership.application_details_corp_pre', args=[app.slug])) is_corp_ind = True corporate_membership = get_object_or_404(CorporateMembership, id=cmb_id) # check if they have verified their email or entered the secret code is_verified = False if is_admin(request.user) or app.corp_app.authentication_method == 'admin': is_verified = True elif app.corp_app.authentication_method == 'email': try: indiv_veri = IndivMembEmailVeri8n.objects.get(pk=imv_id, guid=imv_guid) if indiv_veri.verified: is_verified = True except IndivMembEmailVeri8n.DoesNotExist: pass elif app.corp_app.authentication_method == 'secret_code': tmp_secret_hash = md5('%s%s' % (corporate_membership.secret_code, request.session.get('corp_hash_random_string', ''))).hexdigest() if secret_hash == tmp_secret_hash: is_verified = True if not is_verified: return redirect(reverse('membership.application_details_corp_pre', args=[slug])) # log application details view EventLog.objects.log(**{ 'event_id' : 655000, 'event_data': '%s (%d) viewed by %s' % (app._meta.object_name, app.pk, user), 'description': '%s viewed' % app._meta.object_name, 'user': user, 'request': request, 'instance': app, }) initial_dict = {} if hasattr(user, 'memberships'): membership = user.memberships.get_membership() is_only_a_member = [ is_developer(user) == False, is_admin(user) == False, is_member(user) == True, ] if corporate_membership: # exclude corp. reps, creator and owner - they should be able to add new is_only_a_member.append(corporate_membership.allow_edit_by(user)==False) # deny access to renew memberships if all(is_only_a_member): initial_dict = membership.get_app_initial(app) if not membership.can_renew(): return render_to_response("memberships/applications/no-renew.html", { "app": app, "user":user, "membership": membership}, context_instance=RequestContext(request)) pending_entries = [] if hasattr(user, 'appentry_set'): pending_entries = user.appentry_set.filter( is_approved__isnull = True, # pending ) # if an application entry was submitted # after your current membership was created if user.memberships.get_membership(): pending_entries.filter( entry_time__gte = user.memberships.get_membership().subscribe_dt ) app_entry_form = AppEntryForm( app, request.POST or None, request.FILES or None, user=user, corporate_membership=corporate_membership, initial=initial_dict, ) if request.method == "POST": if app_entry_form.is_valid(): entry = app_entry_form.save(commit=False) entry_invoice = entry.save_invoice() if user.is_authenticated(): entry.user = user entry.is_renewal = all(is_only_a_member) # add all permissions and save the model entry = update_perms_and_save(request, app_entry_form, entry) # administrators go to approve/disapprove page if is_admin(user): return redirect(reverse('membership.application_entries', args=[entry.pk])) # send "joined" notification Notice.send_notice( entry=entry, request = request, emails=entry.email, notice_type='join', membership_type=entry.membership_type, ) if entry_invoice.total == 0: if not entry_invoice.is_tendered: entry_invoice.tender(request.user) # online payment if entry_invoice.total>0 and entry.payment_method and entry.payment_method.is_online: return HttpResponseRedirect(reverse( 'payments.views.pay_online', args=[entry_invoice.pk, entry_invoice.guid] )) if not entry.approval_required(): entry.approve() # silence old memberships within renewal period Membership.objects.silence_old_memberships(entry.user) # get user from the membership since it's null in the entry entry.user = entry.membership.user membership_total = Membership.objects.filter(status=True, status_detail='active').count() # send "approved" notification Notice.send_notice( request = request, emails=entry.email, notice_type='approve', membership=entry.membership, membership_type=entry.membership_type, ) if not user.is_authenticated(): from django.core.mail import send_mail from django.utils.http import int_to_base36 from django.contrib.auth.tokens import default_token_generator from site_settings.utils import get_setting token_generator = default_token_generator site_url = get_setting('site', 'global', 'siteurl') site_name = get_setting('site', 'global', 'sitedisplayname') # send new user account welcome email (notification) notification.send_emails([entry.user.email],'user_welcome', { 'site_url': site_url, 'site_name': site_name, 'uid': int_to_base36(entry.user.id), 'user': entry.user, 'username': entry.user.username, 'token': token_generator.make_token(entry.user), }) # log - entry approval EventLog.objects.log(**{ 'event_id' : 1082101, 'event_data': '%s (%d) approved by %s' % (entry._meta.object_name, entry.pk, entry.judge), 'description': '%s viewed' % entry._meta.object_name, 'user': user, 'request': request, 'instance': entry, }) # log - entry submission EventLog.objects.log(**{ 'event_id' : 1081000, 'event_data': '%s (%d) submitted by %s' % (entry._meta.object_name, entry.pk, request.user), 'description': '%s viewed' % entry._meta.object_name, 'user': user, 'request': request, 'instance': entry, }) return redirect(entry.confirmation_url) return render_to_response(template_name, { 'app': app, 'app_entry_form': app_entry_form, 'pending_entries': pending_entries, }, context_instance=RequestContext(request))
def edit(request, id, form_class=JobForm, template_name="jobs/edit.html"): job = get_object_or_404(Job, pk=id) if not has_perm(request.user, 'jobs.change_job', job): raise Http403 form = form_class(request.POST or None, instance=job, user=request.user) #setup categories content_type = get_object_or_404(ContentType, app_label='jobs',model='job') category = Category.objects.get_for_object(job,'category') sub_category = Category.objects.get_for_object(job,'sub_category') initial_category_form_data = { 'app_label': 'jobs', 'model': 'job', 'pk': job.pk, 'category': getattr(category,'name','0'), 'sub_category': getattr(sub_category,'name','0') } if is_admin(request.user): category_form_class = CategoryForm else: category_form_class = CategoryForm2 categoryform = category_form_class( content_type, request.POST or None, initial= initial_category_form_data, prefix='category') # delete admin only fields for non-admin on edit - GJQ 8/25/2010 if not is_admin(request.user): del form.fields['pricing'] del form.fields['list_type'] if form.fields.has_key('activation_dt'): del form.fields['activation_dt'] if form.fields.has_key('post_dt'): del form.fields['post_dt'] if form.fields.has_key('expiration_dt'): del form.fields['expiration_dt'] if form.fields.has_key('entity'): del form.fields['entity'] del form.fields['payment_method'] if request.method == "POST": if form.is_valid() and categoryform.is_valid(): job = form.save(commit=False) job = update_perms_and_save(request, form, job) ## update the category of the job category_removed = False category = categoryform.cleaned_data['category'] if category != '0': Category.objects.update(job ,category,'category') else: # remove category_removed = True Category.objects.remove(job ,'category') Category.objects.remove(job ,'sub_category') if not category_removed: # update the sub category of the article sub_category = categoryform.cleaned_data['sub_category'] if sub_category != '0': Category.objects.update(job, sub_category,'sub_category') else: # remove Category.objects.remove(job,'sub_category') #save relationships job.save() log_defaults = { 'event_id': 252000, 'event_data': '%s (%d) edited by %s' % (job._meta.object_name, job.pk, request.user), 'description': '%s edited' % job._meta.object_name, 'user': request.user, 'request': request, 'instance': job, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully updated %s' % job) return HttpResponseRedirect(reverse('job', args=[job.slug])) return render_to_response(template_name, {'job': job, 'form': form, 'categoryform':categoryform}, context_instance=RequestContext(request))
def add(request, form_class=JobForm, template_name="jobs/add.html"): require_payment = get_setting('module', 'jobs', 'jobsrequirespayment') can_add_active = has_perm(request.user, 'jobs.add_job') content_type = get_object_or_404(ContentType, app_label='jobs',model='job') if is_admin(request.user): category_form_class = CategoryForm else: category_form_class = CategoryForm2 if request.method == "POST": form = form_class(request.POST, user=request.user) categoryform = category_form_class( content_type, request.POST, prefix='category') # adjust the fields depending on user type if not require_payment: del form.fields['payment_method'] del form.fields['list_type'] if form.is_valid() and categoryform.is_valid(): job = form.save(commit=False) pricing = form.cleaned_data['pricing'] # set it to pending if the user is anonymous or not an admin if not can_add_active: #job.status = 1 job.status_detail = 'pending' # list types and duration if not job.requested_duration: job.requested_duration = 30 if not job.list_type: job.list_type = 'regular' # set up all the times now = now_localized() job.activation_dt = now if not job.post_dt: job.post_dt = now # set the expiration date job.expiration_dt = job.activation_dt + timedelta(days=job.requested_duration) # semi-anon job posts don't get a slug field on the form # see __init__ method in JobForm if not job.slug: #job.slug = get_job_unique_slug(slugify(job.title)) job.slug = '%s-%s' % (slugify(job.title), Job.objects.count()) job = update_perms_and_save(request, form, job) # create invoice job_set_inv_payment(request.user, job, pricing) #setup categories category = Category.objects.get_for_object(job,'category') sub_category = Category.objects.get_for_object(job,'sub_category') ## update the category of the article category_removed = False category = categoryform.cleaned_data['category'] if category != '0': Category.objects.update(job,category,'category') else: # remove category_removed = True Category.objects.remove(job,'category') Category.objects.remove(job,'sub_category') if not category_removed: # update the sub category of the article sub_category = categoryform.cleaned_data['sub_category'] if sub_category != '0': Category.objects.update(job, sub_category,'sub_category') else: # remove Category.objects.remove(job,'sub_category') #save relationships job.save() log_defaults = { 'event_id': 251000, 'event_data': '%s (%d) added by %s' % (job._meta.object_name, job.pk, request.user), 'description': '%s added' % job._meta.object_name, 'user': request.user, 'request': request, 'instance': job, } EventLog.objects.log(**log_defaults) messages.add_message(request, messages.SUCCESS, 'Successfully added %s' % job) # send notification to administrators recipients = get_notice_recipients('module', 'jobs', 'jobrecipients') if recipients: if notification: extra_context = { 'object': job, 'request': request, } notification.send_emails(recipients, 'job_added', extra_context) # send user to the payment page if payment is required if require_payment: if job.payment_method.lower() in ['credit card', 'cc']: if job.invoice and job.invoice.balance > 0: return HttpResponseRedirect(reverse( 'payments.views.pay_online', args=[job.invoice.id, job.invoice.guid]) ) # send user to thank you or view page if is_admin(request.user): return HttpResponseRedirect(reverse('job', args=[job.slug])) else: return HttpResponseRedirect(reverse('job.thank_you')) else: # Redirect user w/perms to create pricing if none exist pricings = JobPricing.objects.all() if not pricings and has_perm(request.user, 'jobs.add_jobpricing'): messages.add_message(request, messages.WARNING, 'You need to add a %s Pricing before you can add a %s.' % (get_setting('module', 'jobs', 'label_plural'),get_setting('module', 'jobs', 'label'))) return HttpResponseRedirect(reverse('job_pricing.add')) form = form_class(user=request.user) initial_category_form_data = { 'app_label': 'jobs', 'model': 'job', 'pk': 0, #not used for this view but is required for the form } categoryform = category_form_class( content_type, initial=initial_category_form_data, prefix='category') # adjust the fields depending on user type if not require_payment: del form.fields['payment_method'] del form.fields['list_type'] return render_to_response(template_name, {'form': form, 'categoryform':categoryform}, context_instance=RequestContext(request))